DETAILED ACTION

1. This action is in response to Amendment filed 2/8/2009. Claims 1-22 are
pending. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

This application currently names joint inventors. In considering 
patentability of the claims under 35 U.S.C. 103(a), the examiner presumes that 
the subject matter of the various claims was commonly owned at the time any 
inventions covered therein were made absent any evidence to the contrary. 
Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor
and invention dates of each claim that was not commonly owned at the time a 
later invention was made in order for the examiner to consider the applicability of 
35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 
U.S.C. 103(a). 

2. Claims 1-22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Graham et al. (US Patent Publication No. 2002/0178271 and Graham 
hereinafter) in view of Hearns et al. (WO 03/003242 and Hearns hereinafter).

3. As to claim 1, Graham teaches an access control system for controlling
access to data stored on at least one data storage medium of a computing 
system, the access control system comprising: authentication means to 
authenticate users permitted to access data stored in the at least one data 
storage medium (i.e., ... teaches an end-user client device requests a file from 
the content source 160, the request is received by the proxy system, which 
selectively provides the requested file as a function of information the proxy 
system obtains from authentication system and policy system [par. 65]);

and database means arranged to store data access profiles (i.e., 360, fig. 
3); each data access profile being associated with a user permitted to access 
data stored in the at least one data storage medium (i.e., ... 510, fig. 5), each 
data access profile including information indicative of the degree of access 
permitted by a user to data stored in the at least one data storage medium (i.e., 
... teaches the proxy system 110 determines if the requesting user has the right
to access the file [par. 66]). 

Graham does not expressly teach: 

each data access profile including a master data access profile and a 
current data access profile, the current data access profile being modifiable 
within parameters defined by the master data access profile.

However, these features are well known in the art and would have been an
obvious modification of the system disclosed by Graham as introduced by 
Hearns. Hearns discloses: 

each data access profile including a master data access profile and a 
current data access profile, the current data access profile being modifiable 
within parameters defined by the master data access profile (to provide access 
profile means such that the profile dictates access privileges for computer 
resources [pg. 4, lines 15-20; 179, 181, fig. 7E]). 

Therefore, given the teachings of Hearns, a person having ordinary skill in the art 
at the time of the invention would have recognized the desirability and advantage 
of modifying Graham by employing the well known feature of access profiles for 
defining access privileges to system resources as disclosed above by Hearns, for 
which controlling partition access will be enhanced [pg. 4, lines 15-20; 179, 181, 
fig. 7E]. 

4. As to claim 2, although the teachings of Graham illustrate substantial
features of the claimed invention, it does not disclose: 

An access control system further comprising profile setting means 
arranged to facilitate creation of the master and current access profiles.

However, these features are well known in the art and would have been an
obvious modification of the system disclosed by Graham as introduced by 
Hearns. Hearns discloses: 

An access control system further comprising profile setting means 
arranged to facilitate creation of the master and current access profiles (to 
provide access setting means for computer resources [179, 181, fig. 7E]).

Therefore, given the teachings of Hearns, a person having ordinary skill in the art 
at the time of the invention would have recognized the desirability and advantage 
of modifying Graham by employing the well known feature of access profile 
setting for defining access privileges to system resources as disclosed above by 
Hearns, for which controlling partition access will be enhanced [pg. 4, lines 15-20;
179, 181, fig. 7E].

5. As to claim 3, Graham teaches an access control system where the access
control system is incorporated into a computing system having an operating 
system and the master data access profile is modifiable only prior to loading of 
the operating system (i.e., ... teaches a service performs internal policy 
consistency validation, rights revocation, and synchronized policy updates [par. 
111] Those skilled in the art would recognize inherent to the capability to 
synchronize policy (i.e., .. access profiles) updates is the ability to schedule
modification of policies) ... further teaches at the time that the DCMS server 
application is booted, a specified file path is checked. If there are Plug-Ins 
available, then the DCMS server application loads these plug-ins, and continues
booting [par. 371]). 

6. As to claim 4, Graham teaches an access control system where said
control system is activatable so as to permit modification of the current access 
profile and deactivatable so as to prevent modification of the current access 
profile (i.e., ... teaches a service performs internal policy consistency validation, 
rights revocation, and synchronized policy updates [par. 111] Those skilled in 
the art would recognize inherent to the capability to synchronize policy updates is 
the ability to activate and de-activate modification of policies (i.e., .. access 
profiles)). 

7. As to claim 5, Graham teaches an access control system where the access
control system is implemented at least in part in the form of software (i.e., ... 
teaches a system in accordance with the present invention consists of server 
software running as an application on a standard hardware configuration and 
client software either hooking into or running as a process on top of the operating 
system on a standard hardware configuration [par. 31]).

8. As to claim 6, Graham teaches an access control system where the access
control system is implemented at least in part in the form of hardware (i.e., ... 
teaches a system in accordance with the present invention consists of server 
software running as an application on a standard hardware configuration and 
client software either hooking into or running as a process on top of the operating
system on a standard hardware configuration [par. 31]).



9. As to claim 7, Graham teaches an access control system where the access
control system is arranged to govern user access profiles used by a security 
device configured to control access to a data storage medium (i.e., ... teaches a 
proxy system interfaces with and maintains authentication, access and usage 
control and security across computer network utilization of content sources [par. 
70]). 



10. As to claim 8, Graham teaches an access control system where the
security device is implemented at least in part in hardware and is of a type 
located between a data storage medium of a computing system and a CPU of 
the computing system (i.e., ...teaches DCMS client application being stored in the 
host Operating System's memory partition in the client computer [par. 397] Those 
skilled in the art would recognize a CPU is inherent to the hardware structure of a 
computer). 



11. As to claim 9, Graham teaches an access control system where the
security device is implemented at least in part in hardware and is of a type
incorporated into bus bridge circuitry of a computing system [fig. 14].

12. As to claim 10, Graham teaches an access control system where the
access control system is incorporated into a computing system having an 
operating system and the current access profile is modifiable after loading of the 
operating system (i.e., .. teaches includes a user interface, configured to facilitate 
creation and editing of said access policies and said usage policies and 
association of said access policies and said usage policies with said files [claim 
6]).



13. As to claim 11, Graham teaches a method of controlling access to data
stored on at least one data storage medium of a computing system, the method 
comprising the steps of: providing means for authenticating users permitted to 
access data stored in the at least one data storage medium (i.e., ... teaches user 
authentication is performed by an authentication system and policy management 
is accomplished by a policy system [par. 20]); 

and storing data access profiles (i.e., ... teaches access control policies 
over managed content, such as files stored in a content source [par. 69]); 

associating each data access profile one data storage medium (i.e., ... 
teaches evaluates the user/file specific policy from the METAFILES and 
database [par. 101]); 

each data access profile including information indicative of the degree of 
access permitted by a user to data stored in the at least one data storage 
medium (i.e., .. teaches security on both an access and usage level [par. 58]).

Graham does not expressly teach:

each data access profile including a master data access profile and a 
current data access profile, the current data access profile being modifiable 
within parameters defined by the master data access profile. 



However, these features are well known in the art and would have been an 
obvious modification of the system disclosed by Graham as introduced by 
Hearns. Hearns discloses: 

each data access profile including a master data access profile and a 
current data access profile, the current data access profile being modifiable 
within parameters defined by the master data access profile (to provide access 
profile means such that the profile dictates access privileges for computer 
resources [pg. 4, lines 15-20; 179, 181, fig. 7E]). 



Therefore, given the teachings of Hearns, a person having ordinary skill in the art 
at the time of the invention would have recognized the desirability and advantage 
of modifying Graham by employing the well known feature of access profiles for 
defining access privileges to system resources as disclosed above by Hearns, for 
which controlling partition access will be enhanced [pg. 4, lines 15-20; 179, 181, 
fig. 7E]. 



14. As to claim 12, although the teachings of Graham illustrate substantial
features of the claimed invention, it does not disclose:

An access control system further comprising the step of facilitating
creation of the master and current access profiles. 

However, these features are well known in the art and would have been an 
obvious modification of the system disclosed by Graham as introduced by 
Hearns. Hearns discloses: 

An access control system further comprising the step of facilitating 
creation of the master and current access profiles (to provide access setting 
means for computer resources [179, 181, fig. 7E]). 

Therefore, given the teachings of Hearns, a person having ordinary skill in the art 
at the time of the invention would have recognized the desirability and advantage 
of modifying Graham by employing the well known feature of access profile 
setting for defining access privileges to system resources as disclosed above by 
Hearns, for which controlling partition access will be enhanced [pg. 4, lines 15-20;
179, 181, fig. 7E].

15. As to claim 13, Graham teaches a method where the access control
system is incorporated into a computing system having an operating system (i.e., 
... teaches a server-side software modules uses many of the standard 
functionality of commercial operating systems to accomplish its normal 
operations [par. 72]), and the step of facilitating modification of the current data 
access profile includes the step of facilitating modification of the master data 
access profile only prior to loading of the operating system (i.e., ... teaches service
performs internal policy consistency validation, rights revocation, and 
synchronized policy updates [par. 111] Those skilled in the art would recognize 
inherent to the boot process of computer is the updating of all files] ... further 
teaches at the time that the DCMS server application is booted, a specified file 
path is checked. If there are Plug-Ins available, then the DCMS server 
application loads these plug-ins, and continues booting [par. 371]). 

16. As to claim 14, Graham teaches a method further including the steps of 
facilitating activation of said control system so as to permit modification of the 
current access profile and facilitating deactivation of said control system so as to 
prevent modification of the current access profile (i.e., ... teaches a service 
performs internal policy consistency validation, rights revocation, and 
synchronized policy updates [par. 111] Those skilled in the art would recognize 
inherent to the capability to synchronize policy updates is the ability to activate 
and de-activate modification of policies (i.e., .. access profiles)). 

17. As to claim 15, Graham teaches a method where the access control 
system is implemented at least in part in the form of software (i.e., ... teaches a 
system in accordance with the present invention consists of server software 
running as an application on a standard hardware configuration and client 
software either hooking into or running as a process on top of the operating 
system on a standard hardware configuration [par. 31]).

18. As to claim 16, Graham teaches a method where the access control
system is implemented at least in part in the form of hardware (i.e., ... teaches a 
system in accordance with the present invention consists of server software 
running as an application on a standard hardware configuration and client 
software either hooking into or running as a process on top of the operating 
system on a standard hardware configuration [par. 31]).

19. As to claim 17, Graham teaches a method further comprising the step of 
arranging the access control system so as to govern user access profiles used 
by a security device configured to control access to a data storage medium (i.e., 
... teaches a proxy system interfaces with and maintains authentication, access 
and usage control and security across computer network utilization of content 
sources [par. 70]). 

20. As to claim 18, Graham teaches a method where the security device (i.e., 
DCMS) is implemented at least in part in hardware and is of a type located 
between a data storage medium of a computing system and a CPU of the 
computing system (i.e., ...teaches DCMS client application being stored in the 
host Operating System's memory partition in the client computer [par. 397] Those 
skilled in the art would recognize a CPU is inherent to the hardware structure of a 
computer).

21. As to claim 19, Graham teaches a method where the security device is
implemented at least in part in hardware and is of a type incorporated into bus 
bridge circuitry of a computing system [fig. 14]. 

22. As to claim 20, Graham teaches a method further comprising the steps of 
incorporating the access control system into a computing system having an 
operating system and facilitating modification of the current access profile after 
loading of the operating system (i.e., ... teaches includes a user interface, 
configured to facilitate creation and editing of said access policies and said 
usage policies and association of said access policies and said usage policies 
with said files [claim 6]). 

23. As to claim 21, Graham teaches a computer program which when loaded
into a computing system causes the computing system to operate in accordance 
with an access control system for controlling access to data stored on at least 
one data storage medium of a computing system, the access control system 
comprising: authentication means to authenticate users permitted to access data 
stored in the at least one data storage medium (i.e., ... teaches a content 
subsystem regulates access to files in the content repository through the 
evaluation and enforcement of authentication and access control policies [par. 
85]);

and database means (i.e., cache) arranged to store data access profiles
(i.e., ...teaches user shared session secrets and credentials are stored in 
temporary caches [par. 98]); 

each data access profile being associated with a user permitted to access 
data stored in the at least one data storage medium (i.e., ... teaches the 
authentication service creates credentials used to gain access to the protected 
content [par. 105]); 

each data access profile including information indicative of the degree of 
access permitted by a user to data stored in the at least one data storage 
medium (i.e., ...teaches policies also state the restrictions to be placed on 
content if access is granted .... teaches enforced by the client module access 
restrictions further define the operations permitted by the user on received 
content [par. 173]). 

Graham does not expressly teach: 

each data access profile including a master data access profile and a 
current data access profile, the current data access profile being modifiable 
within parameters defined by the master data access profile. 

However, these features are well known in the art and would have been an 
obvious modification of the system disclosed by Graham as introduced by 
Hearns. Hearns discloses:

each data access profile including a master data access profile and a
current data access profile, the current data access profile being modifiable 
within parameters defined by the master data access profile (to provide access 
profile means such that the profile dictates access privileges for computer 
resources [pg. 4, lines 15-20; 179, 181, fig. 7E]). 

Therefore, given the teachings of Hearns, a person having ordinary skill in the art 
at the time of the invention would have recognized the desirability and advantage 
of modifying Graham by employing the well known feature of access profiles for 
defining access privileges to system resources as disclosed above by Hearns, for 
which controlling partition access will be enhanced [pg. 4, lines 15-20; 179, 181, 
fig. 7E]. 

24. As to claim 22, Graham teaches a computer useable medium having a 
computer readable program code embodied therein for causing a computer to 
operate in accordance with an access control system for controlling access to 
data stored on at least one data storage medium of a computing system, the 
access control system comprising: authentication means to authenticate users 
permitted to access data stored in the at least one data storage medium (i.e., ... 
teaches this authentication interface obtains the identity or rights proving 
credentials used to infer access rights [par. 127]) and database means arranged 
to store data access profiles (e.g., ... authentication services) (i.e., ... teaches 
Entity information used by authentication services is stored in the entity database
[par. 114]); 

each data access profile being associated with a user permitted to access 
data stored in the at least one data storage medium (i.e., ... teaches the 
authentication service creates credentials used to gain access to the protected 
content [par. 105]); 

each data access profile including information indicative of the degree of 
access (i.e., condtype) permitted by a user to data stored in the at least one data 
storage medium (i.e., ... teaches Access Conditions (multi-valued) 564 - the 
access conditions state the conditions under which access will be allowed. Each 
condition consists of condType [par. 173; table 2]).

Graham does not expressly teach: 

each data access profile including a master data access profile and a 
current data access profile, the current data access profile being modifiable 
within parameters defined by the master data access profile. 

However, these features are well known in the art and would have been an 
obvious modification of the system disclosed by Graham as introduced by 
Hearns. Hearns discloses: 

each data access profile including a master data access profile and a 
current data access profile, the current data access profile being modifiable 
within parameters defined by the master data access profile (to provide access 
profile means such that the profile dictates access privileges for computer
resources [pg. 4, lines 15-20; 179, 181, fig. 7E]). 

Therefore, given the teachings of Hearns, a person having ordinary skill in the art 
at the time of the invention would have recognized the desirability and advantage 
of modifying Graham by employing the well known feature of access profiles for 
defining access privileges to system resources as disclosed above by Hearns, for 
which controlling partition access will be enhanced [pg. 4, lines 15-20; 179, 181, 
fig. 7E]. 

Prior Art Made of Record 

25. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Kabzinski et al. (US Patent Publication No. 2007/0028292). 

Response to Arguments 

Applicant's arguments, see Applicant's Remarks, filed 2/8/2009, with 
respect to the rejection(s) of claim(s) 1-22 have been fully considered and are 
persuasive. Therefore, the rejection has been withdrawn. However, upon further 
consideration, a new ground(s) of rejection is made in view of Graham and 
Hearns. The Examiner contends the teachings of Hearns provide differentiation
(e.g., Master and Current) of access privileges for authenticated users.

Contact Information

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to BRYAN WRIGHT whose telephone number is 
(571)270-3826. The examiner can normally be reached on 8:30 am - 5:30 pm 
Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William Korzuch can be reached on (571) 272-7589. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call 800-786-9199
(IN USA OR CANADA) or 571-272-1000.

/BRYAN WRIGHT/ 
Examiner, Art Unit 2431 

/William R. Korzuch/ 

Supervisory Patent Examiner, Art Unit 2431 